...
Bloc de code |
---|
|
# Sample security settings for an OpenID Connect client; every value below is a placeholder.
wagonSecurity:
# Presumably must match the redirect URI registered at the identity provider and the URL the CallbackFilter is mapped to - confirm.
callbackUrl: https://domain.com/application/callback
# NOTE(review): the unit is not stated here (presumably seconds before token expiry) - confirm.
accessTokenExpiryAdvance: 30
# Optional section: enables the built-in CORS filter.
corsAuthorizer:
# "*" accepts cross-origin requests from any site; list the exact trusted origins for production.
allowedOrigins: "*"
# Includes state-changing methods (PUT, DELETE); trim to what the application really serves cross-origin.
allowedMethods: GET,POST,HEAD,OPTIONS,PUT,DELETE
# allowedHeaders: Content-Type,X-Requested-With,accept,Origin,Access-Control-Request-Method,Access-Control-Request-Headers,Authorization
# preflightMaxage: 1800
authorizationGenerator:
# Class that derives the user's roles after authentication.
className: com.hardis.adelia.jee.security.RoleGenerator
# Claim paths the roles are read from; "clientId" in the first path presumably stands for the real client id - confirm.
rolesClaim: resource_access.clientId.roles, realm_access.roles
clientsProperties:
# NOTE(review): this key is capitalised ("Oidc") unlike the other oidc.* keys - confirm the expected spelling.
Oidc.client_name: clientName
oidc.id: clientId
# Placeholder. Keep the real client secret out of version control and readable only by the application server account.
oidc.secret: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
# Use https so the discovered endpoints and signing keys cannot be altered in transit.
oidc.discoveryUri: https://identity_provider.com/pathTo/.well-known/openid-configuration
# The nonce ties the ID token to this authentication request (replay protection); keep it enabled.
oidc.useNonce: true
# Asymmetric signature, verified with the provider's published keys.
oidc.preferredJwsAlgorithm: RS256
oidc.scope: openid email profile
# The secret is sent in the token request body, so the token endpoint must be reached over TLS.
oidc.clientAuthenticationMethod: client_secret_post |
...
Bloc de code |
---|
|
package com.test;
import org.pac4j.core.authorization.generator.AuthorizationGenerator;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.profile.CommonProfile;
import com.hardis.adelia.jee.security.SecurityConfig;
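/**
 * Sample pac4j {@link AuthorizationGenerator} that assigns application roles from the
 * username of the authenticated profile.
 *
 * <p>Every profile receives the {@code user} role. The profile whose username equals the
 * configured {@code adminProfile} value additionally receives {@code wagon-administrator}.
 *
 * <p>Security notes for anyone adapting this sample:
 * <ul>
 *   <li>The administrator role is granted on a username match alone. Make sure the username
 *       is a value the identity provider controls and that users cannot choose or edit it
 *       themselves; where the provider issues role claims, mapping those is the safer
 *       option.</li>
 *   <li>The fallback passed to {@code SecurityConfig.getString} is {@code "admin"}, so
 *       (presumably when the setting is absent; confirm against SecurityConfig) the account
 *       named {@code admin} becomes administrator. Set {@code adminProfile} explicitly.</li>
 * </ul>
 *
 * @param <U> the profile type handled by this generator
 */
public class CustomRoleGenerator<U extends CommonProfile> implements AuthorizationGenerator<U> {

    /** Username that receives the administrator role; read once at construction. */
    private final String adminProfile;

    /** Reads the administrator username from the authorization-generator configuration section. */
    public CustomRoleGenerator() {
        adminProfile = SecurityConfig.getString(SecurityConfig.AUTHORIZATION_GENERATOR, "adminProfile", "admin");
    }

    /**
     * Adds the computed roles to the profile.
     *
     * @param context the current web context
     * @param profile the authenticated profile to enrich
     * @return the same profile instance, with roles added
     */
    @Override
    public U generate(WebContext context, U profile) {
        for (String role : computeRoles(context, profile)) {
            profile.addRole(role);
        }
        return profile;
    }

    /**
     * Decides which roles the profile gets.
     *
     * <p>Fails closed: a profile without a username, or an empty/missing {@code adminProfile}
     * setting, never yields the administrator role. The original comparison dereferenced the
     * username directly and threw a {@link NullPointerException} when it was absent.
     */
    private String[] computeRoles(WebContext context, U profile) {
        String username = profile.getUsername();
        boolean isAdmin = adminProfile != null
                && !adminProfile.isEmpty()
                && adminProfile.equals(username);
        if (isAdmin) {
            return new String[] { "wagon-administrator", "user" };
        }
        return new String[] { "user" };
    }
}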
The "corsAuthorizer" section is used to enable a built-in CORS filter. This is an optional section.
...
Bloc de code |
---|
|
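<filter>
  <filter-name>SecurityFilter</filter-name>
  <filter-class>com.hardis.adelia.jee.security.filter.SecurityFilter</filter-class>
  <init-param>
    <!-- Presumably, requests whose URL matches this regular expression are skipped by
         SecurityFilter and therefore served without authentication. Keep the list as narrow
         as possible. NOTE(review): the last alternative keys on a query parameter; confirm
         what string the pattern is matched against and that the excluded download action
         performs its own access check. -->
    <param-name>excludeUrlPattern</param-name>
    <param-value>/logout.jsp.*|/js/.*|/favicon.ico|/WagonServlet.*action=DOWNLOAD.*</param-value>
  </init-param>
</filter>
...
<!-- Every request goes through SecurityFilter. -->
<filter-mapping>
  <filter-name>SecurityFilter</filter-name>
  <url-pattern>/*</url-pattern>
</filter-mapping>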
Using with Adelia Cloud:
...
Bloc de code |
---|
|
<!-- Only the URL patterns listed here pass through SecurityFilter; any other resource of the
     web application is not covered by this mapping. Check that nothing sensitive is served
     from a path outside this list. -->
<filter-mapping>
<filter-name>SecurityFilter</filter-name>
<url-pattern>/index.jsp</url-pattern>
<url-pattern>/WagonServlet/*</url-pattern>
<url-pattern>/WagonSyncServlet/*</url-pattern>
<url-pattern>/WagonWS/*</url-pattern>
</filter-mapping> |
The com.hardis.adelia.jee.security.filter.CallbackFilter filter
...
Bloc de code |
---|
|
<!-- Handles the identity provider's redirect back to the application after login. -->
<filter>
<filter-name>CallbackFilter</filter-name>
<filter-class>com.hardis.adelia.jee.security.filter.CallbackFilter</filter-class>
<init-param>
<!-- NOTE(review): presumably maps to pac4j's renewSession callback option. With "false" the
     session identifier from before login is kept afterwards, which leaves the application
     exposed to session fixation; use "true" unless session renewal is known to break the
     application, and document the reason if it stays disabled. -->
<param-name>renewSession</param-name>
<param-value>false</param-value>
</init-param>
</filter>
...
<!-- This path presumably has to agree with the configured callbackUrl - confirm. -->
<filter-mapping>
<filter-name>CallbackFilter</filter-name>
<url-pattern>/callback</url-pattern>
</filter-mapping> |
The com.hardis.adelia.jee.security.filter.LogoutFilter filter
...
Bloc de code |
---|
|
<!-- Handles logout requests sent to the mapped URL. -->
<filter>
<filter-name>LogoutFilter</filter-name>
<filter-class>com.hardis.adelia.jee.security.filter.LogoutFilter</filter-class>
<init-param>
<!-- NOTE(review): presumably pac4j's central logout, i.e. the session at the identity
     provider is ended as well as the local one. With "false" the user would stay signed in
     at the provider and could re-enter without re-authenticating - confirm. -->
<param-name>centralLogout</param-name>
<param-value>true</param-value>
</init-param>
...
</filter>
...
<filter-mapping>
<filter-name>LogoutFilter</filter-name>
<url-pattern>/jee/logout</url-pattern>
</filter-mapping>
... |
Using with Adelia Cloud:
...
Bloc de code |
---|
|
// Adds the Adelia JEE security module to the runtime_ configuration; the version follows project.ext.adeliaVersion.
runtime_ group:'com.hardis.adelia',name:'adelia-jee-security',version:'${project.ext.adeliaVersion}' |
...
Bloc de code |
---|
|
// Additional pac4j modules, pinned to a fixed version.
// NOTE(review): presumably must stay on the same pac4j version that adelia-jee-security ships
// with; when the Adelia version is upgraded, re-check these pins and the upstream pac4j
// security releases rather than leaving them at this value.
runtime_ group:'org.pac4j',name:'pac4j-ldap',version:'3.8.0'
runtime_ group:'org.pac4j',name:'pac4j-http',version:'3.8.0' |
...